vprabhu_FTNT
Staff
August 16, 2020

Technical Tip: Redistribute VIP IP or SNAT IP Pool to BGP peer


Description

 

This article describes how to advertise a Virtual IP (VIP) or SNAT IP Pool subnet to BGP peers by redistributing it into BGP.
It is helpful in scenarios where the VIP IP or the SNAT IP Pool is outside the subnet range of the exit interface/peer.

Scope

 

BGP is set up and peering is up between 2 units.
A VIP/VIP range or SNAT IP Pool is configured, along with policies that reference the VIP or SNAT IP Pool.


Solution

 

BGP advertises a network to its peer only if that network is known in the routing table. This does not happen with VIPs whose subnet differs from the exit interface subnet, because a virtual IP does not show in the routing table. This is also true for SNAT IP Pools.

Since it is impossible to redistribute Virtual IPs or SNAT IP Pools in BGP, create a static black hole route and redistribute the static route into BGP as follows:

  • VIP/SNAT IP Pool subnet: 10.98.8.0/24 is configured on 'FGT1'.
  • Exit interface IP is 10.106.0.62.
  • The subnet 10.98.8.0/24 must be advertised to the BGP peer so that the VIP IP/SNAT IP Pool is reachable from the remote 'FGT2'.

 
Configuration steps:

'FGT1':
 
config router static
    edit 0
        set dst 10.98.8.0 255.255.255.0
        set blackhole enable
    next
end
config router bgp
    config redistribute "static"
        set status enable
    end
end
 
In 'FGT2', no config changes are required, as the route will be advertised from the 'FGT1' BGP peer.

Verification command:
 
get router info routing de 10.98.8.0
Routing table for VRF=0
Routing entry for 10.98.8.0/24
  Known via "static", distance 10, metric 0, best
  * directly connected, Null
FGT1 # get router info bgp neighbors 10.106.0.113 advertised-routes
VRF 0 BGP table version is 7, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*>i10.56.240.0/22   10.91.1.1                     100  32768        0 ? <-/->
*>i10.80.1.0/24     10.106.0.62                   100  32768        0 i <-/->
*>i10.98.8.0/24     10.106.0.62                   100  32768        0 ? <-/->

FGT2(root) # get router info routing de bgp
B       10.98.8.0/24 [200/0] via 10.106.0.62, port4, 00:31:10

FGT2(root) # get router info bgp network 10.98.8.0/24

BGP routing table entry for 10.98.8.0/24
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  Local
    10.106.0.62 from 10.106.0.62 (4.4.4.4)
      Origin incomplete metric 0, localpref 100, valid, internal, best
      Last update: Thu Aug  6 10:20:48 2020
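
Added example (not part of the original article and not Fortinet code): 'redistribute static' with no route-map is not limited to the black hole route, so it is worth checking what the peer is actually sent. The Python sketch below parses the advertised-routes output shown above and compares routes with origin code ? (incomplete, i.e. redistributed into BGP) against the prefixes meant to be advertised; the function names and the expected-prefix list are assumptions.

```python
import ipaddress
import re

# Advertised-routes rows copied from the FGT1 verification output on this page.
SAMPLE = """\
   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*>i10.56.240.0/22   10.91.1.1                     100  32768        0 ? <-/->
*>i10.80.1.0/24     10.106.0.62                   100  32768        0 i <-/->
*>i10.98.8.0/24     10.106.0.62                   100  32768        0 ? <-/->
"""

# Status flags, prefix, next hop, then the last origin code (i, e or ?) on the row.
ROW = re.compile(
    r"^(?P<status>[sdh*>i ]{1,4})(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?P<next_hop>\d+\.\d+\.\d+\.\d+)\s+.*\s(?P<origin>[ie?])(?:\s|$)"
)


def parse_advertised(text):
    """Return (network, next_hop, origin) for every route row in the output."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            net = ipaddress.ip_network(m["prefix"])
            routes.append((net, m["next_hop"], m["origin"]))
    return routes


def audit(text, expected):
    """Compare redistributed routes (origin '?') with the intended prefixes.

    Returns (missing, unexpected) as sorted lists of prefix strings.
    """
    allowed = {ipaddress.ip_network(p) for p in expected}
    seen = {net for net, _, origin in parse_advertised(text) if origin == "?"}
    return ([str(n) for n in sorted(allowed - seen)],
            [str(n) for n in sorted(seen - allowed)])


if __name__ == "__main__":
    # Assumption: only the VIP/SNAT IP Pool subnet is meant to be redistributed.
    missing, unexpected = audit(SAMPLE, ["10.98.8.0/24"])
    print("missing from advertisement:", missing)
    print("redistributed but not expected:", unexpected)
```

On the sample output this reports 10.56.240.0/22 as redistributed but not in the expected list; whether that route is intended depends on the rest of the 'FGT1' configuration, which the article does not show.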

 

Related article:

Configuration Example: Using VIP (Virtual IP) for Port Translation only